cisco routers objectives –how to log into a cisco router and determine basic settings. contents...

Cisco Routers Objectives How to log into a Cisco router and determine basic settings. Contents Differences in available methods of access. Different levels of access permissions available on router How to identify router operating system and installed memory. Memory hierarchy, and how to best utilize it. How to identify interfaces. How to load and store configuration information. Practicals working with cisco routers Summary

Upload: cleopatra-wilkinson

Post on 31-Dec-2015


Page 1: Cisco Routers Objectives –How to log into a Cisco router and determine basic settings. Contents –Differences in available methods of access. –Different

Cisco Routers

• Objectives
  – How to log into a Cisco router and determine basic settings.
• Contents
  – Differences in available methods of access.
  – Different levels of access permissions available on router
  – How to identify router operating system and installed memory.
  – Memory hierarchy, and how to best utilize it.
  – How to identify interfaces.
  – How to load and store configuration information.
• Practicals
  – Working with Cisco routers
• Summary


Cisco’s Three Tier Model

• Core Layer
  – Generally consists of 7000 series and above
  – Provides the central internetwork for the business, and may include LAN and WAN backbones
  – Primary function: to provide an optimized and reliable transport structure.
  Conclusion: the core is designed to provide fault tolerance, and to move packets through as fast as possible.

• Distribution Layer
  – Consists of 3XXX – 4XXX series routers.
  – Provides a “campus” backbone.
  – Main aggregation point for costly functions like security.
  Conclusion: the distribution layer polices access to the core, but also provides the main gateway of connectivity to different logical areas.

• Access Layer
  – Provides access to corporate resources for a workgroup on a local segment.
  – Last line of layer 3 hardware between network and user segment.
  Conclusion: the access layer is the first and last line of defense for the network. It represents the gateway between Layer 2 and Layer 3 connectivity for the entire structure.


Cisco's Three Tier Design Overview


Accessing a Cisco Device

• Console
  – Cisco serial cable to RJ-45 slot.
  – Default serial port settings are 9600 N-8-1
  – The console is the most powerful method of accessing a device
  – Can be used to reset the password
• VTY (Virtual TTYs)
  – TELNET access
  – Only available if the OS is up and running
  – VT100 terminal settings
• HTTP (Web interface)
  – Web browser access
  – Only available if the OS is up and running
  – Not all devices have HTTP


Levels of Access

• User defined levels
  – IOS (Internetwork Operating System) allows for 16 user-defined levels.
• Default levels
  – user
    You gain access directly through the login ports. User passwords and other levels are stored in plaintext.
  – privileged
    You gain access with the command enable.
  – configuration mode
    After the enable password you are granted access to the final mode of Cisco’s IOS. Enable password is stored as an MD5 hash, hard to crack.
• Unix-like basic terminal syntax
  – Exit takes you down one level, or logs out at the lowest level
  – CTRL-Z saves files
  – CTRL-D exits
  – Review all tty commands from Unix, they work


Levels of Access Overview


Command Line Semantics

• Inline help
  – Cisco’s command line features an inline help function.
  – Typing “?” will bring up a list of all available functions at the current level.
  – Typing a piece of the command, followed by a ?, like ac? will show:
      access-enable access-template
  – Typing show ip ? will return a list of all objects that may be viewed with “show ip”
• Tab/Incomplete Commands (like unix bash/ksh/csh)
  – “show version” command or typing “show ver” will give the same result
  – Also, the TAB key can be used
  – Standard is for most settings 1 Week

Example issuing a “show ip interfaces brief”

  type: “show ip int<TAB>”
  returns “show ip interfaces”
  type: “brie<TAB>”
  returns “show ip interfaces brief”


Cisco hot keys


Getting Access on Real Hardware

1. Obtain connectivity to your router:

    telnet ip-address-of-device <portnum>

If prompted to enter a configuration dialog, answer “no”.

2. You should receive a prompt: Router>

This is the initial state of the router upon boot. It currently has no configuration, as if you just removed it from the box and turned it on.

Currently, you are in user state. It is a restricted form of access that allows you to view a limited set of router conditions.


3. Issue the “enable” command.

The “>” symbol at the end of our prompt is now replaced with the # (octothorpe).

(Note: when a router is unconfigured, the only way to obtain the initial privileged access is via the console. Until the enable password is set up, no access to privileged mode is allowed via VTY).

4. You have now been granted privileged access.

Use some of the hot-keys and inline help functions now, and get used to the interface.


5. Issue a “config term”

Which is short for “configure terminal”

The router should respond with a prompt that looks like: Router(config)#

Indicating that you are in configure mode.

6. The first thing we want to do is set an enable password

Try issuing an “en?” to see if there is a command available. The router should respond with: enable end


7. Since there are two commands that begin with “en” we will have to narrow it down for the IOS.

Type “ena<TAB>”. The router should complete the command for you and respond with: enable

8. Now issue a “?” to see what parameters are available for the command.

The router gives back:

    last-resort  Define enable action if no TACACS servers respond
    password     Assign the privileged level password
    secret       Assign the privileged level secret
    use-tacacs   Use TACACS to check enable passwords


9. We want to issue a secret, so type “secret ?”, which will bring up the inline help for the now complete “enable secret” command.

(Note: a point of confusion arises here: why not issue password? Cisco’s “enable password” command does not encrypt the password in memory by default. Though encryption can be turned on, the method is very weak. “enable secret”, however, mandates that the router encrypt the password using the MD5 hash. By default, if both are specified, the router will look for the secret password only.)

The router will respond with:

    0      Specifies an UNENCRYPTED password will follow
    5      Specifies an ENCRYPTED secret will follow
    LINE   The UNENCRYPTED (cleartext) 'enable' secret
    level  Set exec level password


10. We will simply issue the cleartext password as specified by “LINE”. Issue:

enable secret cisco

11. The enable password is set, and this router will now be accessible via VTY.

Exercise – Setting the Hostname:

Now that the password is set, we would like to set the hostname. Try to do this.

(Hint: you don’t need a specific mode for this, use the inline help from the main configuration mode prompt.)

Note: when in configuration mode, a change can be undone by issuing “no <command>” (e.g. “no hostname LONDON_WAN” erases the hostname).
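
The difference between “enable password” and “enable secret” described in the note under step 9 is visible in a saved configuration, and can be checked mechanically. The following is an added example, not part of the original slides: a small Python audit that classifies stored credentials by the type code in front of them. The sample configuration is constructed, the hash and encoded strings are placeholders, and type code 7 (not shown on the slides) is the code IOS writes for the weak reversible encoding the note refers to.

```python
import re

# Constructed sample configuration; the hash and encoded strings are placeholders.
SAMPLE_CONFIG = """\
hostname LONDON_WAN
enable secret 5 $1$PLACEHOLDER$placeholderplaceholder00
enable password cisco
line con 0
 password console123
line vty 0 4
 password 7 00PLACEHOLDER00
 login
"""

# Type code that IOS writes in front of a stored credential.
STORAGE = {"0": "cleartext", "5": "MD5 hash", "7": "weak reversible encoding"}
CRED_RE = re.compile(
    r"^\s*(enable secret|enable password|password)\s+(?:(\d)\s+)?(\S+)\s*$"
)


def audit_credentials(config_text):
    """Return (context, command, storage, verdict) tuples; never the credential."""
    findings = []
    context = "global"
    for line in config_text.splitlines():
        if line.startswith("line "):
            context = line.strip()            # e.g. "line vty 0 4"
        elif line and not line[0].isspace():
            context = "global"                # any other top-level command
        match = CRED_RE.match(line)
        if not match:
            continue
        command, type_code, _secret = match.groups()
        storage = STORAGE.get(type_code or "0", "unknown type")
        verdict = "ok" if (command, type_code) == ("enable secret", "5") else "weak"
        findings.append((context, command, storage, verdict))
    if {"enable secret", "enable password"} <= {f[1] for f in findings}:
        # With both set, the router consults only the secret, so the
        # weaker copy adds exposure without being used.
        findings.append(("global", "enable password", "unused", "remove"))
    return findings


if __name__ == "__main__":
    for finding in audit_credentials(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

The audit reports where a credential sits and how it is stored, but deliberately leaves the credential value out of its output so the report itself can be shared.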


Cisco Router Memory Organization

• Flash
  – erasable NVRAM. Most often the residence of the IOS.
• NVRAM
  – also erasable NVRAM; however, it is usually much smaller than the flash used for IOS (32K as opposed to 8-64MB). Configuration scripts are stored here.
• RAM
  – regular non-static Random Access Memory. Used upon power up for storage of dynamic data like routing tables and as processing space for the protocols.
• Determining Available Memory
  – “show version” command outputs low-level information about the router.
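
For inventory or patch tracking, the memory figures and IOS version can be pulled out of “show version” output with a short script. The following is an added example, not part of the original slides; the sample output is constructed and abridged, and its values are illustrative. It also covers platforms that print RAM as a single figure rather than as a main/shared-I/O pair.

```python
import re

# Constructed, abridged sample of "show version" output (illustrative values).
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
System image file is "flash:c2600-i-mz.120-7.T"
cisco 2610 (MPC860) processor (revision 0x203) with 26624K/6144K bytes of memory.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
"""

PATTERNS = {
    "ios_version": r"Version ([^,\s]+)",
    "image": r'System image file is "([^"]+)"',
    "nvram_kb": r"(\d+)K bytes of non-volatile configuration memory",
    "flash_kb": r"(\d+)K bytes of [^\n]*?[Ff]lash",
}
# RAM is printed as main/shared-I/O on many platforms, as one figure on others.
RAM_RE = re.compile(r"with (\d+)K(?:/(\d+)K)? bytes of memory")


def parse_show_version(text):
    """Return IOS version, image name and memory sizes (in KB); None if absent."""
    info = {}
    for field, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        value = match.group(1) if match else None
        if value is not None and field.endswith("_kb"):
            value = int(value)
        info[field] = value
    ram = RAM_RE.search(text)
    # Installed RAM is the sum of the two figures when both are printed.
    info["ram_kb"] = sum(int(g) for g in ram.groups() if g) if ram else None
    return info


if __name__ == "__main__":
    for field, value in parse_show_version(SAMPLE_SHOW_VERSION).items():
        print(f"{field}: {value}")
```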


Cisco Router Memory Organization


Determining Available Flash

• the “show flash” command outputs any and all files that are resident in flash memory.


Loading and Storing Device Configuration